Omniscia 0xPhase Audit
StorageUpgradeableProxy Static Analysis Findings
SUP-01S: Data Location Optimizations
| Type | Severity | Location |
|---|---|---|
| Gas Optimization |  | StorageUpgradeableProxy.sol:L58-L59 |
Description:
The linked input arguments are set as memory in external function(s).
Example:
```solidity
55 function upgradeTo(
56     address _newStorage,
57     bytes32 _newSlot,
58     bytes memory _oldImplementationData,
59     bytes memory _newImplementationData
60 ) external onlyOwner {
```
Recommendation:
We advise them to be set as calldata, optimizing their read-access gas cost.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
The referenced data location specifiers have been optimally set to calldata as advised.
SUP-02S: Inexistent Sanitization of Input Addresses
| Type | Severity | Location |
|---|---|---|
| Input Sanitization |  | StorageUpgradeableProxy.sol:L34-L46 |
Description:
The linked function(s) accept address arguments yet do not properly sanitize them.
Impact:
The presence of zero-value addresses, especially in constructor implementations, can cause the contract to be permanently inoperable. These checks are advised because zero-value inputs are a common side-effect of bugs in off-chain software.
Example:
```solidity
34 constructor(
35     address _owner,
36     address _storage,
37     bytes32 _slot,
38     bytes memory _initialCall
39 ) {
40     _setImplementation(_storage, _slot);
41     _initializeOwnership(_owner);
42
43     if (_initialCall.length > 0) {
44         CallLib.delegateCallFunc(address(this), _initialCall);
45     }
46 }
```
Recommendation:
We advise some basic sanitization to be put in place by ensuring that each address specified is non-zero.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
Both input addresses of the contract's StorageUpgradeableProxy::constructor are sanitized as non-zero, preventing the contract from being misconfigured on deployment.
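The two recommendations above (SUP-01S and SUP-02S) applied to a simplified stand-in contract, as an added example that is not the audited code or the 0xPhase fix. The contract name, state variables, custom errors and event are assumptions, and the body of `upgradeTo` is a placeholder because the page does not show the original one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not the audited StorageUpgradeableProxy: the contract name,
// state layout, errors and event are assumptions made for this example.
contract SanitizedProxyExample {
    error ZeroAddress(string param);
    error NotOwner();

    event Upgraded(address indexed newStorage, bytes32 newSlot, bytes32 oldDataHash, bytes32 newDataHash);

    address public owner;
    address public implementationStorage; // hypothetical stand-in for the proxy's storage target
    bytes32 public implementationSlot;

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    // SUP-02S: reject zero-value addresses before any state is written, so a
    // deployment script that passes an unset variable reverts instead of
    // producing a proxy with no owner or no implementation source.
    constructor(address _owner, address _storage, bytes32 _slot) {
        if (_owner == address(0)) revert ZeroAddress("_owner");
        if (_storage == address(0)) revert ZeroAddress("_storage");
        owner = _owner;
        implementationStorage = _storage;
        implementationSlot = _slot;
    }

    // SUP-01S: with `calldata`, the byte arrays of an external function are not
    // copied into memory when the function is entered.
    function upgradeTo(
        address _newStorage,
        bytes32 _newSlot,
        bytes calldata _oldImplementationData,
        bytes calldata _newImplementationData
    ) external onlyOwner {
        implementationStorage = _newStorage;
        implementationSlot = _newSlot;
        // Placeholder use of the data arguments; the audited function body is
        // not shown on the page.
        emit Upgraded(_newStorage, _newSlot, keccak256(_oldImplementationData), keccak256(_newImplementationData));
    }
}
```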

